In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix division by zero in setup_dsc_config
When slice_height is 0, the division by slice_height in the calculation
of the number of slices will cause a division by zero driver crash. This
leaves the kernel in a state that requires a reboot. This patch adds a
check to avoid the division by zero.
The stack trace below is for the 6.8.4 Kernel. I reproduced the issue on
a Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display monitor
connected via Thunderbolt. The amdgpu driver crashed with this exception
when I rebooted the system with the monitor connected.
kernel: ? die (arch/x86/kernel/dumpstack.c:421
arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447)
kernel: ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154)
kernel: ? setup_dsc_config
(drivers/gpu/drm/amd/amdgpu/…/display/dc/dsc/dc_dsc.c:1053) amdgpu
kernel: ? do_error_trap (./arch/x86/include/asm/traps.h:58
arch/x86/kernel/traps.c:175)
kernel: ? setup_dsc_config
(drivers/gpu/drm/amd/amdgpu/…/display/dc/dsc/dc_dsc.c:1053) amdgpu
kernel: ? exc_divide_error (arch/x86/kernel/traps.c:194 (discriminator 2))
kernel: ? setup_dsc_config
(drivers/gpu/drm/amd/amdgpu/…/display/dc/dsc/dc_dsc.c:1053) amdgpu
kernel: ? asm_exc_divide_error (./arch/x86/include/asm/idtentry.h:548)
kernel: ? setup_dsc_config
(drivers/gpu/drm/amd/amdgpu/…/display/dc/dsc/dc_dsc.c:1053) amdgpu
kernel: dc_dsc_compute_config
(drivers/gpu/drm/amd/amdgpu/…/display/dc/dsc/dc_dsc.c:1109) amdgpu
After applying this patch, the driver no longer crashes when the monitor
is connected and the system is rebooted. I believe this is the same
issue reported for 3113.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/130afc8a886183a94cf6eab7d24f300014ff87ba (6.10-rc1)
git.kernel.org/stable/c/130afc8a886183a94cf6eab7d24f300014ff87ba
git.kernel.org/stable/c/308de6be0c9c7ba36915c0d398e771725c0ea911
git.kernel.org/stable/c/7e4f50dfc98c49b3dc6875a35c3112522fb25639
git.kernel.org/stable/c/91402e0e5de9124a3108db7a14163fcf9a6d322f
git.kernel.org/stable/c/a32c8f951c8a456c1c251e1dcdf21787f8066445
git.kernel.org/stable/c/f187fcbbb8f8bf10c6687f0beae22509369f7563
launchpad.net/bugs/cve/CVE-2024-36969
nvd.nist.gov/vuln/detail/CVE-2024-36969
security-tracker.debian.org/tracker/CVE-2024-36969
www.cve.org/CVERecord?id=CVE-2024-36969